1 solution

Solution 1

The most obvious reason for the "query not executed" is that you don't show the actual call to ExecuteReader, or DataAdapter.Fill - I will assume that you have one or the other in there though.

Why are you casting password? Why are you storing them as text? Even using parameterized queries, that is not a good idea for security reasons. See here: Password Storage: How to do it.

Once you have converted your passwords to a secure form, do a simpler query that returns the user_id and the password given only the username - then verify the password in the code behind instead of as part of the query. That way, the password you expect to be valid never leaves the server, and you have much better control over what goes on.

Probably because they are compared as varbinary. So if there is any difference in the value you stored compared to the value of the string as cast to a varbinary (and that may well include unassigned values) it will fail. So if your store routine saves the string as "abc" followed by 27 spaces, and the cast converts it to "abc" followed by 27 nulls they will not match.
It's also possible that one is cast from Unicode, and the other isn't, or similar problems.
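
The approach suggested in Solution 1 (look the row up by username only, then verify in the code behind) could look like the sketch below. It is an added example, not code from the question or the answer. It assumes .NET 6 or later with the System.Data.SqlClient package, a hypothetical `users` table with `user_id` (int), `username`, `password_salt` and `password_hash` (both varbinary, NOT NULL) columns, and PBKDF2 as the hashing scheme, which is a choice made here rather than the one from the linked article.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class LoginCheck
{
    // Assumed PBKDF2 parameters; in practice store them (or a version tag) with each row.
    const int Iterations = 600_000;
    const int HashBytes = 32;

    // Run at registration or password change; store both values in varbinary columns.
    public static (byte[] Salt, byte[] Hash) HashNewPassword(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations,
                                                HashAlgorithmName.SHA256, HashBytes);
        return (salt, hash);
    }

    // Returns the user_id on success, null for an unknown user or a wrong password.
    public static int? VerifyLogin(string connectionString, string username, string password)
    {
        // Only the username goes into the query; no CAST and no password comparison in SQL.
        const string sql =
            "SELECT user_id, password_salt, password_hash FROM users WHERE username = @username";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (!reader.Read()) return null;              // no such user

                int userId = reader.GetInt32(0);
                byte[] salt = (byte[])reader[1];
                byte[] stored = (byte[])reader[2];

                // Re-derive from the submitted password and compare raw bytes in constant time.
                byte[] candidate = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations,
                                                             HashAlgorithmName.SHA256, HashBytes);
                return CryptographicOperations.FixedTimeEquals(candidate, stored)
                    ? userId : (int?)null;
            }
        }
    }
}
```

Because the comparison is between two byte arrays produced by the same routine, the padding and Unicode differences that break a varbinary cast comparison in SQL do not come into play.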